At 16:48 UTC on Tuesday Jan 25, 2022, a third party informed Let’s Encrypt / ISRG that, while examining the Boulder codebase, they had noticed two irregularities in our implementation of the “TLS Using ALPN” validation method (BRs 3.2.2.4.20, RFC 8737). As a result, we have made two changes to the way that our TLS-ALPN-01 challenge validation works.
All active certificates that were issued and validated with the TLS-ALPN-01 challenge before our fix was deployed are considered mis-issued. In compliance with the Let’s Encrypt CP, we have 5-days to revoke and will begin to revoke certificates at 16:00 UTC on 28 January 2022. We estimate <1% of active certificates are affected. Subscribers affected by revocations will receive e-mail notifications if their ACME account contains a valid e-mail address. If you are affected by this revocation and need help renewing your certificate please ask questions in this thread
We will be providing more details about this incident in the next few days.
from Hacker News https://ift.tt/3G1IKT7
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.